anhdq201/rukovoditel

Releases0

vuln

CVE History

CVE	Published	CVSS v3	CVSS v2
CVE-2022-44949 ↗	Dec 2, 2022Friday, 2 December 2022, 20:15	5.4 MEDIUM	—
Rukovoditel v3.2.1 was discovered to contain a stored cross-site scripting (XSS) vulnerability in the Add New Field function at /index.php?module=entities/fields&entities_id=24. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Short Name field.
CVE-2022-44947 ↗	Dec 2, 2022Friday, 2 December 2022, 20:15	5.4 MEDIUM	—
Rukovoditel v3.2.1 was discovered to contain a stored cross-site scripting (XSS) vulnerability in the Highlight Row feature at /index.php?module=entities/listing_types&entities_id=24. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Note field after clicking "Add".
CVE-2022-44952 ↗	Dec 2, 2022Friday, 2 December 2022, 20:15	5.4 MEDIUM	—
Rukovoditel v3.2.1 was discovered to contain a stored cross-site scripting (XSS) vulnerability in /index.php?module=configuration/application. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Copyright Text field after clicking "Add".
CVE-2022-44951 ↗	Dec 2, 2022Friday, 2 December 2022, 20:15	5.4 MEDIUM	—
Rukovoditel v3.2.1 was discovered to contain a stored cross-site scripting (XSS) vulnerability in the Add New Form tab function at /index.php?module=entities/forms&entities_id=24. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name field.
CVE-2022-44950 ↗	Dec 2, 2022Friday, 2 December 2022, 20:15	5.4 MEDIUM	—
Rukovoditel v3.2.1 was discovered to contain a stored cross-site scripting (XSS) vulnerability in the Add New Field function at /index.php?module=entities/fields&entities_id=24. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name field.
CVE-2022-44948 ↗	Dec 2, 2022Friday, 2 December 2022, 20:15	5.4 MEDIUM	—
Rukovoditel v3.2.1 was discovered to contain a stored cross-site scripting (XSS) vulnerability in the Entities Group feature at/index.php?module=entities/entities_groups. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name field after clicking "Add".
CVE-2022-44944 ↗	Dec 2, 2022Friday, 2 December 2022, 20:15	5.4 MEDIUM	—
Rukovoditel v3.2.1 was discovered to contain a stored cross-site scripting (XSS) vulnerability in the Add Announcement function at /index.php?module=help_pages/pages&entities_id=24. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Title field.
CVE-2022-44946 ↗	Dec 2, 2022Friday, 2 December 2022, 20:15	5.4 MEDIUM	—
Rukovoditel v3.2.1 was discovered to contain a stored cross-site scripting (XSS) vulnerability in the Add Page function at /index.php?module=help_pages/pages&entities_id=24. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Title field.
CVE-2022-44945 ↗	Dec 2, 2022Friday, 2 December 2022, 20:15	9.8 CRITICAL	—
Rukovoditel v3.2.1 was discovered to contain a SQL injection vulnerability via the heading_field_id parameter.
CVE-2022-43165 ↗	Oct 28, 2022Friday, 28 October 2022, 17:15	5.4 MEDIUM	—
A stored cross-site scripting (XSS) vulnerability in the Global Variables feature (/index.php?module=global_vars/vars) of Rukovoditel v3.2.1 allows authenticated attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Value parameter after clicking "Create".
CVE-2022-43170 ↗	Oct 28, 2022Friday, 28 October 2022, 17:15	5.4 MEDIUM	—
A stored cross-site scripting (XSS) vulnerability in the Dashboard Configuration feature (index.php?module=dashboard_configure/index) of Rukovoditel v3.2.1 allows authenticated attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Title parameter after clicking "Add info block".
CVE-2022-43169 ↗	Oct 28, 2022Friday, 28 October 2022, 17:15	5.4 MEDIUM	—
A stored cross-site scripting (XSS) vulnerability in the Users Access Groups feature (/index.php?module=users_groups/users_groups) of Rukovoditel v3.2.1 allows authenticated attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name parameter after clicking "Add New Group".
CVE-2022-43168 ↗	Oct 28, 2022Friday, 28 October 2022, 17:15	9.8 CRITICAL	—
Rukovoditel v3.2.1 was discovered to contain a SQL injection vulnerability via the reports_id parameter.
CVE-2022-43167 ↗	Oct 28, 2022Friday, 28 October 2022, 17:15	5.4 MEDIUM	—
A stored cross-site scripting (XSS) vulnerability in the Users Alerts feature (/index.php?module=users_alerts/users_alerts) of Rukovoditel v3.2.1 allows authenticated attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Title parameter after clicking "Add".
CVE-2022-43166 ↗	Oct 28, 2022Friday, 28 October 2022, 17:15	5.4 MEDIUM	—
A stored cross-site scripting (XSS) vulnerability in the Global Entities feature (/index.php?module=entities/entities) of Rukovoditel v3.2.1 allows authenticated attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name parameter after clicking "Add New Entity".
CVE-2022-43164 ↗	Oct 28, 2022Friday, 28 October 2022, 17:15	5.4 MEDIUM	—
A stored cross-site scripting (XSS) vulnerability in the Global Lists feature (/index.php?module=global_lists/lists) of Rukovoditel v3.2.1 allows authenticated attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name parameter after clicking "Add".